The recent digital revolution in banking and financial services around the world is transforming the way we make and receive payments, save and borrow. With the increase in digital banks, digital banking, digital payments and financial services delivered via the Internet and mobile apps, a cashless society seems ever nearer.
According to UK Finance, by 2031, 93% of UK adults will use remote banking and face-to-face service will be consigned to the same place as banknotes and chequebooks. Digital or not, trust will remain at the heart of banking; financial service providers will still have to trust their customers and their customers will have to trust them in return.
So, this highly regulated industry is tasked with knowing its customers and building that trust at a distance; collecting and verifying information about customers and monitoring their activities online, to identify and mitigate risks of money laundering, fraud and other illicit activities.
Customer due diligence (CDD) is the process banks and other financial services use to gather and evaluate relevant information about a customer or potential customer. The Financial Action Task Force (FATF) describes CDD as the act of “identifying the customer and verifying that customer's identity using reliable, independent source documents, data or information.”
The terms customer due diligence and know your customer (KYC) tend to be used interchangeably. KYC is the overarching regulatory principle and compliance imperative for businesses, while CDD is a more holistic description of active information collection, risk assessment and ongoing monitoring of customer identity and transactions throughout the customer lifecycle.
In the fight against financial crime and the prevention of money laundering, banks and other regulated financial services have an obligation to know their customer and CDD is central to this process. Banks, neobanks and financial services, including, credit, payment and money transfer services must all comply or risk penalties for non-compliance and damage to brand reputation.
When and how CDD should be applied tends to be fairly consistent across the countries and territories that are members of FATF. Each jurisdiction uses FATF guidance as the basis of their own regulatory requirements for banks and financial services firms .
Banks and financial services must carry out CDD before establishing a new business relationship with personal or business customers. During the ongoing monitoring of customer activity, CDD must also be applied in response to specified risk criteria; for example, if the high value or counterparty of a transaction is flagged as suspicious, potentially signalling money laundering or financing terrorism.
Before any business relationship can begin, the bank or financial service firm must first gather information identifying the individual or business customer. CDD for business customers requires the identification of any beneficial owners, information on the business model and source of funds.
For personal customers in the UK, for example, the minimum personal data that must be collected by a bank or financial services is:
Once the customer’s information has been collected, the bank or financial service must verify that the information is correct, ensuring that the customer is who they say they are. For business customers, this will include verifying the identity of any beneficial owner of the business.
A digital identity verification solution designed to operate and scale with your business is essential to conducting customer due diligence for banking and financial services delivered online. Optimising and automating a risk-based approach to verification will give customers the best onboarding experience, fast-tracking low-risk customers.
Customer due diligence will include identity data verification against trusted data sets; these can include government sources, credit bureaus, and mobile operator databases. It may also include digital identity document verification for identity proofing, combining document scanning, biometric authentication and liveness checks to establish the genuine presence of the customer.
The bank or financial service must assign a level of risk for money laundering or terrorist financing to each customer. This risk assessment is made using its own framework, appropriate to its service offering, but it will typically involve segmenting customers by identity, location and type of business.
An essential part of this risk-based approach to AML requires the bank or financial service business to check government watchlists for Politically Exposed Persons (PEPs) and sanctioned individuals to determine whether and how the customer can be served.
Politically Exposed Persons (PEPs) are individuals with a high political profile or who hold or have held public office. Regarded as vulnerable to corruption and at a ‘high’ risk of money laundering, it is likely these individuals will require extended due diligence (EDD) checks to be performed at onboarding, however, this is determined by the nature of the business and its own risk-based approach.
The US, UK, EU and other countries and international bodies impose sanctions on countries, businesses and individuals to prohibit doing business with them. Banks and financial services should not accept as customers, individuals who are subject to financial sanctions. The Office of Foreign Assets Control (OFAC) in the USA and the Office for Financial Sanctions Implementation (OFSI) in the UK produce watchlists among others.
The level of due diligence a bank or financial service conducts is enhanced for customers and prospective customers judged to be a higher risk; for example, if they are a politically exposed person or a target of economic sanctions. In these cases, the business is required to take additional measures to manage and mitigate the risks involved in such a relationship.
Enhanced due diligence (EDD) for personal customers may include one or more of the following additional checks:
Businesses serving high-risk customers must demonstrate that they have adequately assessed and continue to mitigate these risks. They must increase monitoring of the business relationship and as far as reasonably possible, examine the background and purpose of transactions.
Due diligence doesn’t stop after a customer has been onboarded to the business. CDD for banks and financial services must include ongoing monitoring for changes in customer status (movement between risk categories), changing fraud signals emitted by customer identities, as well as ongoing transaction monitoring for suspicious activities.
All suspicious activity must be investigated which may involve requests for additional information from the customer; for example, the source of funds for a transaction. If a bank or financial service firm has suspicions that money laundering is taking place, these must be flagged to the regulator in a suspicious activity report.
In the digital market for banking and financial services, trust has brand value. Approaching due diligence as a feature of your customer experience makes good business sense and can help to build trust with customers, partners and regulators.
The right balance of personal identifiers, identity documents, biometrics, behaviours and signals, at the right touchpoints, is an opportunity to establish reciprocal trust between the customer and financial service provider instilling a greater degree of consumer confidence from onboarding onwards.
The best KYC solutions for banking and financial services are configured to match your business needs and risk profile and built to automatically accept, decline, or refer applications, speeding up the due diligence process for legitimate customers who represent a low risk.
These solutions combine risk management engines that search for customer risk signals using accurate trust scoring algorithms with a range of identity data verification and document proofing and biometric authenticating technologies.
Customer journeys dynamically adjust at key decisioning points to offer greater speed and lower friction or higher security as required
Speed and convenience matter as much as security for successful brands looking to build customer relationships based on trust. A great experience and a safe experience are indivisible for customer acquisition and business growth.
Intelligent digital identity verification solutions can be integrated into your existing processes quickly and easily, ensuring your business only gets genuine customers through the door and blocks fraudsters, without impacting the customer experience.
Anti-money laundering (AML) refers to a wide set of laws and regulations mandating steps that financial institutions and other regulated industries must take to prevent criminals from laundering money or any property derived from or obtained, directly or indirectly, through the commission of an offence. Regulated businesses must not knowingly or unknowingly aid these activities.
Know your customer (KYC) is a requirement for regulated industries. It refers to the customer due diligence (CDD) and enhanced due diligence (EDD) activities that companies must carry out to ensure their customers are genuine and do not pose an individual risk to the business at the point of onboarding and as part of continuous monitoring during the business relationship.
Hear from us when we launch new research, guides and reports.